Microsoft’s February 2026 Patch Tuesday Resolves 6 Zero-Days, 58 Vulnerabilities
Microsoft has released its February 2026 Patch Tuesday, addressing a total of 58 vulnerabilities in its software. This update includes fixes for six zero-day vulnerabilities that have been actively exploited, along with three publicly disclosed issues.
Details of the February 2026 Patch Tuesday
Among the 58 flaws, five have been classified as “Critical.” The breakdown of vulnerabilities is as follows:
- 25 Elevation of Privilege vulnerabilities
- 5 Security Feature Bypass vulnerabilities
- 12 Remote Code Execution vulnerabilities
- 6 Information Disclosure vulnerabilities
- 3 Denial of Service vulnerabilities
- 7 Spoofing vulnerabilities
These statistics reflect only the vulnerabilities addressed in the latest updates and do not include three Microsoft Edge flaws patched earlier this month.
Actively Exploited Zero-Day Vulnerabilities
This month, six zero-day vulnerabilities were fixed, three of which had already been publicly disclosed. Here is a summary of these vulnerabilities:
- CVE-2026-21510: Windows Shell Security Feature Bypass – This flaw can be triggered by opening a crafted link or file, potentially allowing an attacker to bypass security prompts.
- CVE-2026-21513: MSHTML Framework Security Feature Bypass – This vulnerability allows unauthorized access over a network.
- CVE-2026-21514: Microsoft Word Security Feature Bypass – Attackers must send a malicious Office file to exploit this flaw.
- CVE-2026-21519: Desktop Window Manager Elevation of Privilege – Successful exploitation grants SYSTEM privileges to the attacker.
- CVE-2026-21525: Windows Remote Access Connection Manager Denial of Service – This vulnerability allows disruptions to local service operations.
- CVE-2026-21533: Windows Remote Desktop Services Elevation of Privilege – Enables privilege escalation for authorized attackers within the system.
Attribution for these discoveries involves multiple teams including the Microsoft Threat Intelligence Center, the Microsoft Security Response Center, and external contributors like the Google Threat Intelligence Group.
Additional Updates
Aside from security updates, Microsoft is also rolling out new Secure Boot certificates in response to the original certificates expiring in June 2026. This update ensures a phased rollout based on device compliance.
The complete details regarding these updates can be found in the dedicated articles for Windows 11 and Windows 10 cumulative updates on Filmogaz.com.
As vulnerability threats continue to evolve, it is crucial for users to ensure timely updates to protect their systems from emerging attacks.
